Phishing Tales of Terror!
When the FBI has a live site dedicated to informing the general public about current and imminent security threats, it’s probably something you want to be aware of. When these same threats start making weekly headlines, ruining lives and costing companies around the world millions of dollars in damages, then it’s time to stand up and take notice.
The stories that follow are not fun and do not have a happy ending, but by reading them and learning from the mistakes of others, you may just be able to reduce your chances of joining these victims. The topic, of course, is phishing, and below are a few tales we think you should know:
The whalers that scammed $17 million
For Keith McMurtry, the Scoular Co. financial corporate controller, the day began like many others…with an email. Keith received an email request from the CEO, Chuck Elsea, to make a small money transfer to a Chinese bank on his behalf. For an upper-level financial executive at a company with over $6 billion in annual revenue, this was a normal occurrence, and after seeing that accounting had been CC’d, McMurtry didn’t think twice about following the boss’s orders. Over the next few days, additional requests came and more money was sent to a small number of foreign accounts, and McMurtry even spoke to a representative of the Chinese accounting firm over the phone to work out the details of the transfer. Within a week it was discovered that the emails and phone call were all part of a simple, yet effective, targeted phishing attack. In less than a week, Scoular Co. had lost over $17 million.
Phishing for data
While the goal of these phishing attacks is usually to steal money, every so often these phishers set out to steal something more disruptive, damaging, and much more sensitive – your personal information.
While most would see the email, note the bogus address and send it to the deepest depths of their trash bins, it takes just one slip-up within a company to compromise the entire organization and its customer base.
This was the case for Epsilon.
In April 2011, employees at over 50 different marketing firms, including Epsilon, all received a similarly styled message purporting to be from an old friend with a common name, wanting to share photos from their recent wedding. While it isn’t reported just how many clicked on the email, at least one person did, instantly infecting their computer with three pieces of malware designed to steal and distribute vast amounts of personal information about the company’s clientele. With over a billion consumer email addresses and other private data leaked, the damage was estimated to be in the tens of millions of dollars. This large-scale phishing attack succeeded not because it was particularly clever or well timed, but simply because attackers have started to realize that by appealing to victims’ emotions through a form of psychological manipulation they can increase the effectiveness of these attacks.
We can go on and tell you about the time Target lost 110 million customer credit card records, or the time RSA Security lost security tokens that allowed criminals to break in and steal from US defense suppliers…but we think you get the point.
To learn more, including strategies you can use to identify and combat these increasingly tricky phishing attacks, read our new eBook, Harpooning Executives: How phishing evolved into the C-suite. In it you will learn how to keep your business from turning into one of these horror stories…and don’t forget to follow the conversation online at #phishingevolves.
If you have any questions, you can reach us at 800-379-7729.